[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN


  • Subject: Re: [Openvpn-users] OpenVPN
  • From: Jean-Pierre Schwickerath <lists@xxxxxxxxxxxx>
  • Date: Fri, 17 Sep 2004 13:03:09 +0200


 
> My client config files:

Looks good so far.

> -------------------------------------
> My server config:


> 
> # Configure server mode for ethernet bridging.
> # You must first use your OS's bridging capability
> # to bridge the TAP interface with the ethernet
> # NIC interface.  Then you must manually set the
> # IP/netmask on the bridge interface, here we
> # assume 10.8.0.4/255.255.255.0.  Finally we
> # must set aside an IP range in this subnet
> # (start=10.8.0.50 end=10.8.0.100) to allocate
> # to connecting clients.  Leave this line commented
> # out unless you are ethernet bridging.
> ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

server-bridge 192.168.201.199 255.255.255.0 192.168.210.200
192.168.210.250

 
> mode server
> tls-server
> ifconfig 192.168.210.199 255.255.255.0
> ifconfig-pool 192.168.210.200 192.168.210.250

comment this out.

> # Push routes to the client to allow it
> # to reach other private subnets behind
> # the server.  Remember that these
> # private subnets will also need
> # to know to route the OpenVPN client
> # address pool (10.8.0.0/255.255.255.0)
> # back to the OpenVPN server.
> ;push "route 192.168.10.0 255.255.255.0"
> ;push "route 192.168.20.0 255.255.255.0"
> push "route 192.168.210.0 255.255.255.0 192.168.210.199"
> push "route-gateway 192.168.210.199"

you don't need this anymore as the bridge setup takes care of it.


> ;client-config-dir ccd
> ;route 192.168.40.128 255.255.255.248
> client-config-dir ccd
> route 192.168.101.0 255.255.255.0 192.168.1.1

Why are you setting up routing for your protected network? You don't
need it as the client will get an ip address out of the pool-range and
will have direct access to the subnet. Commment it out. 


Try it and tell me if it works.


Jean-Pierre
-- 
Powered by Linux From Scratch - http://schwicky.net/
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141

Nothing is impossible... Everything is relative!

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users